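<?php
/**
 * Profile-photo upload handler.
 *
 * Accepts one file posted in the "file" form field, stores it under
 * userphotos/, records the stored name in Account.photo for the logged-in
 * user, and redirects to account.php.
 *
 * Trust boundaries in this script:
 *   - $_FILES[...]["name"] and ["type"] are supplied by the client and are
 *     never used for a security decision without validation.
 *   - $_FILES[...]["size"], ["error"] and ["tmp_name"] are set by PHP itself.
 *   - $_SESSION['userName'] identifies the account; nothing is stored
 *     without it.
 *
 * Requires the mysqli extension (the mysql_* functions this script
 * previously used were removed in PHP 7.0) and dbinfo.inc.php, which is
 * expected to define $username, $password and $database.
 *
 * Deployment note: userphotos/ is written to by this script, so the web
 * server should be configured not to execute scripts from that directory.
 */
ob_start();
session_start();

// Kept distinct from $username, the database login defined by dbinfo.inc.php.
$sessionUser = isset($_SESSION['userName']) ? $_SESSION['userName'] : '';

$allowedExts = array("jpg", "jpeg", "gif", "png");
// Image formats accepted after inspecting the file content itself.
$allowedImageTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);

$upload = (isset($_FILES["file"]) && is_array($_FILES["file"])) ? $_FILES["file"] : null;

if (!$sessionUser) {
    // Refuse the upload before touching the filesystem: an anonymous
    // request must not be able to write into userphotos/.
    echo "<p>Please login</p><br/>";
} elseif ($upload === null || is_array($upload["error"])) {
    // Missing field, or a multi-file ("file[]") submission this handler
    // does not support.
    echo "Invalid file";
} elseif ($upload["error"] > 0) {
    // Checked first: on a failed upload the other fields are not meaningful.
    echo "Return Code: " . (int) $upload["error"] . "<br>";
} else {
    $extension = strtolower(pathinfo($upload["name"], PATHINFO_EXTENSION));

    // Decide the type from the bytes on disk, not from the Content-Type the
    // browser sent. getimagesize() returns false for non-image data.
    $imageInfo = is_uploaded_file($upload["tmp_name"]) ? getimagesize($upload["tmp_name"]) : false;
    $isImage = $imageInfo !== false && in_array($imageInfo[2], $allowedImageTypes, true);

    if (!$isImage || $upload["size"] >= 5000000 || !in_array($extension, $allowedExts, true)) {
        echo "Invalid file";
    } else {
        // Build the stored name from a restricted character set. Dots in the
        // stem are replaced too, so "x.php.jpg" is stored as "x_php.jpg", and
        // the name is safe to place in a path, in SQL and in HTML.
        $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($upload["name"], PATHINFO_FILENAME));
        $stem = substr((string) $stem, 0, 100);
        if ($stem === '' || $stem === false) {
            $stem = 'photo';
        }
        $filename = $stem . "." . $extension;
        $target = "userphotos/" . $filename;

        // Client-supplied text is HTML-escaped before being echoed. The
        // temporary path is no longer printed: it exposes server layout.
        echo "Upload: " . htmlspecialchars($upload["name"], ENT_QUOTES, 'UTF-8') . "<br>";
        echo "Type: " . htmlspecialchars($imageInfo["mime"], ENT_QUOTES, 'UTF-8') . "<br>";
        echo "Size: " . ($upload["size"] / 1024) . " kB<br>";

        $stored = true;
        if (file_exists($target)) {
            // NOTE(review): as before, the account is still pointed at the
            // existing file of that name, which may belong to another user.
            // Confirm whether that is intended.
            echo $filename . " already exists. ";
        } elseif (move_uploaded_file($upload["tmp_name"], $target)) {
            echo "Stored in: " . $filename;
        } else {
            // Do not record a photo that was never written to disk.
            $stored = false;
            echo "Upload could not be stored.";
        }

        if ($stored) {
            include("dbinfo.inc.php");

            // Report failures through return values on every PHP version,
            // so a connection error cannot surface as an uncaught exception.
            mysqli_report(MYSQLI_REPORT_OFF);
            $db = mysqli_connect('localhost', $username, $password, $database);
            if (!$db) {
                die("Unable to select database");
            }

            // Bound parameters keep both values out of the SQL text. The
            // comparison is "=" rather than LIKE so that "%" or "_" in a
            // user name cannot match other accounts.
            $stmt = mysqli_prepare($db, "UPDATE Account SET photo=? WHERE userName=?");
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, "ss", $filename, $sessionUser);
                if (!mysqli_stmt_execute($stmt)) {
                    error_log("Photo update failed: " . mysqli_stmt_error($stmt));
                }
                mysqli_stmt_close($stmt);
            } else {
                error_log("Photo update could not be prepared: " . mysqli_error($db));
            }
            mysqli_close($db);
        }
    }
}

header("Location: account.php");
ob_flush();
// Stop here so nothing after the redirect header can run or be emitted.
exit;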
